Intros

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed social-networking skill whose remote API use, profile data handling, messaging actions, and local credential storage match its stated purpose.

Install only if you trust the Intros backend and Telegram verification flow. Avoid putting highly sensitive information in your profile or messages, treat ~/.openclaw/data/intros/config.json and identity.json as credentials, and delete ~/.openclaw/data/intros if you want to remove local Intros state after uninstalling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly states that it stores an API key in plaintext JSON under the user's state directory. Even with chmod 600, plaintext credential storage is sensitive because any local compromise, backup leakage, or accidental file exposure can reveal reusable credentials and enable account takeover or unauthorized API use.

Missing User Warnings

Medium
Confidence: 79%
Finding
Profile creation transmits potentially sensitive personal data such as name, interests, location, bio, and Telegram handle to a third-party remote API without an explicit user-facing disclosure at the point of collection. In a bot-skill context, users may assume commands are local unless clearly told otherwise, creating a meaningful privacy and informed-consent risk.

Missing User Warnings

Medium
Confidence: 82%
Finding
Registration sends Telegram identifiers and bot metadata to a remote service, including values sourced from TELEGRAM_USER_ID, without a clear disclosure to the user that this personal identifier is being transmitted off-host. In an agent skill, silent collection from environment variables increases the privacy risk because the transfer can occur without deliberate user awareness.

VirusTotal

63/63 vendors flagged this skill as clean.
